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/ 1 . A method comprising the step of: 

h generating a display of privilege state data in a three-dimensional view. 

2. A method as claimed in claim 1 wherein the privilege state data include graphical 
symbols indicating\it least "on" and "off states. 

3. A method \s claimed in claim 1 wherein the privilege state data includes graphical 
symbols indicating "onY "inherited on", "public on", "off, "not set", and "disabled" states. 

4. A method as claimed in claim 1 wherein the display includes privilege labels, object 
labels, and user labels generated based on privilege data, object data, and user data, respectively, 
the privilege labels, object labels, and user labels arranged along respective axes of the three- 
dimensional view. \ 

5. A method as claimed m claim 4 wherein the privilege state data are displayed in a 
plurality of cells arranged in association with respective privilege labels, object labels, and user 
labels. \ 

6. A method as claimed in claim 1 wherein the cells are displayed in association with 
privilege labels, object labels, and user labels, the privilege labels identifying at least one 
privilege, the object labels identifying ameast one object associated with the privilege, and the 
user labels identifying at least one user or group of users using the object in the network system. 

7. A method as claimed in claim 6 wnferein the privilege labels, the object labels, and the 
user labels are arranged along respective transverse axes in the three-dimension view. 

8. A method as claimed in claim 6 whereimthe privilege labels identifies data access, data 
view, and data flow privileges to access or transfer Mata pertaining to the object within or without 
the network system. \ 

9. A method as claimed in claim 6 wherein the privilege labels identifies data access 
privileges. \ 
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10. VA method as claimed in claim 9 wherein the data access privileges include the 
capabilities to read, write, create, and delete data for an object stored in a database accessible by 
the networklsystem. 

11. Aunethod as claimed in claim 6 wherein the object labels identifies data for at least 
one object stored in a database accessible by the network system. 

12. A method as claimed in claim 6 wherein the privilege labels identifies view privileges 
including a privilege to create a view of privilege state data for objects. 



group. 



13. A methocKas claimed in claim 1 wherein the user labels identifies at least one user 



14. A method as cmimed in claim 1 wherein the user labels identifies at least one user. 



15. A method as claimed in claim 1 wherein the privilege state data indicates privilege 
states of at least one user or us§r group with respect to objects accessible in a network system. 

16. A method as claimed V claim 1 wherein the privilege state data indicates privilege 
states of at least one user or user groUp with respect to data objects stored in a data storage unit. 

17. A method comprising the steps of: 

a) on a user interface of germinal device generating a display of privilege state 
data in an array of cells in a three-dimensional view on a terminal device, the privilege state data 
of the cells displayed in correspondence with privilege labels, object labels, and user labels 
arranged along respective transverse axes of tnb three-dimensional view. 

18. A method as claimed in claim 17 wherein the privilege labels correspond to respective 
privilege data, the object labels correspond to respective object data, and the user data correspond 
to respective user data, further comprising the steps ofc 

b) with the user interface of the terminaldevice, inputting privilege state data into 

at least one cell of the array using at least one privilege label, object label, and user label; 

\ 

c) determining the privilege data, object data, and user data corresponding to the 
cell in which the privilege state data is input in the step (b);i 

20 \ #596420 vl - 2513-27564 optima technologies 



^7 , 

privilege daVa, object data, and user data determined in step (c) for the cell in which the privilege 
state data wap input in the step (b); and 

i e) updating the display to include a privilege state symbol corresponding to the 
privilege state Mata input by the user in the step (b), based on the privilege state data stored in the 
memory in the s\ep (d). 



19. A method as claimed in claim 17 wherein the privilege state data includes data for 
"on", "inherited on'\ "public on", "off, "not set", and "disabled" states. 

\ v 

20. A method as claimed in claim 19 wherein the privilege state data toggles between the 

"on", "inherited on", Vpublic on", "off 1 , "not set", and "disabled" states with successive 
activations of an input device of the user interface. 



21. A method as clamied in claim 18 further comprising the step of: ' 

f) with the u\er interface of the terminal device, selecting at least one of the 
privilege labels, object labels, or user labels; and 

g) modifying the\display of the privilege state data by removing or adding cells to 
the three-dimensional view, baseM on the step (f). 



22. A method as claimed in claim 18 wherein the user data identifies first and second user 
entities related by predetermined hierarchical relationship data and the privilege state data is 
input in the step (b) in at least one \ell corresponding to first user entity, the method further 
comprising the steps of: 

f) determining whether thk second user entity inherits privilege state data from the 
first user entity, based on the hierarchical relationship data; and 

g) if the determination in thAstep (f) establishes that the second user entity inherits 
the privilege state data from the first user entity, storing the privilege state data input in the step 
(b) in correspondence with the user data for the second entity and the object data and privilege 
data for which the privilege state data was inputun the step (b). 
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23\ A method as claimed in claim 1 8 wherein the user data identifies dependencies 
between first and second object data related by predetermined dependency data, the method 
further comprising the steps of: 

f) determining whether the second object data inherits privilege state data from the 
from the first ^bject data, based on the predetermined dependency data; and 

if the determination in the step (f) establishes that the second object data 
inherits privilege state data from the first object data, storing the privilege state data input in the 
step (b) in correspondence with the user data for the second entity and the object data and 
privilege data for which the privilege state data was input in the step (b). 



24. A method bs claimed in claim 18 wherein the user data identifies dependencies 
between first and second privilege data related by predetermined dependency data, the method 
further comprising the steps of: 

f) determining whether the second privilege data inherits privilege state data from 
the from the first privilege dab, based on the predetermined dependency data; and 

g) if the determination in the step (f) establishes that the second privilege data 
inherits privilege state data from the first privilege data, storing the privilege state data input in 
the step (b) in correspondence wrth the user data for the second entity and the object data and 
privilege data for which the privilege state data was input in the step (b). 



25. A network system comprismg: 

at least one terminal dWice having a user interface generating a display of 
privilege state symbols in an array of cells in a three-dimensional view, the cells displayed in 
correspondence with privilege labels, object labels, and user labels arranged along respective 
transverse axes of the three-dimensional view; 

a data storage unit coupled tcmhe terminal device, the data storage unit storing 
corresponding privilege data, object data, user Idata, and privilege state data, the privilege labels 
generated based on privilege data, the object labels generated based on respective object data, the 
user labels generated based on respective user lab\ls, and the privilege state symbols generated 
based on the privilege state symbols; and 

at least one server coupled to the terAinal device and the data storage unit, the 
server transmitting privilege data, object data, user da^a, and privilege state data between the 
terminal device and the data storage unit. 
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\26. A network system as claimed in claim 25 wherein the display is generated on the user 
interface by an Application program running on the terminal device, the application program 
including an application program interface to convert privilege state data, privilege data, object 
data, user data, into privilege state symbols, privilege labels, object labels, and user labels, 
respectively, for theYhree-dimensional view for the display on the user interface of the terminal 
device. \ 

27. An article olVnanufacture for use with a terminal device, the article comprising a 
storage medium having any application program for generating a display of privilege state in a 
three-dimensional view on ^terminal device. 
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